Thursday, February 23, 2012

latimes.comJust as U.S. companies are coming to grips with the threats to their computer networks emanating from cyber spies based in China, a noted expert is highlighting what he says is an even more pernicious vulnerability in smartphones.

Dmitri Alperovitch, the former McAfee cyber security researcher who is best known for identifying a widespread China-based cyber espionage operation he dubbed "Shady Rat," has used a previously unknown hole in smartphone browsers to deliver an existing piece of China-based malware that can commandeer the device, record its calls, pinpoint its location and access user texts and emails. He conducted the experiment on a phone running Google's Android operating system, although he says Apple's iPhones are equally vulnerable.

"It's a much more powerful attack vector than just getting into someone's computer," said Alperovich, who just formed a new security company, called Crowdstrike, with former McAfee chief technology officer George Kutz.

Alperovich, who has consulted with the U.S. intelligence community, is scheduled to demonstrate his findings Feb. 29 at the RSA conference in San Francisco, an annual cyber security gathering. The Shady Rat attack he disclosed last year targeted 72 government and corporate entities for as long as five years, siphoning off unknown volumes of confidential material to a server in China.

Prior to starting ComSec LLC in 2007, Mr. LeaSure was active within the counterespionage, counterterrorism and TSCM fields for 26 years. He has attained the prestigious CCISM, Certified Counterespionage Information Security Management Certification. He also has extensive training, knowledge and experience in the identification of eavesdropping devices, espionage detection methods and the intelligence collection tactics most often employed by perpetrators of electronic espionage.

J.D. LeaSure is also the Director of the Espionage Research Institute International (ERII). As Director, he is tasked with ensuring the organization is successful in its mission to provide continuing education, facilitate professional relationship building and ensure the counterespionage & counterintelligence skill sets of its membership remains current as espionage tactics and devices evolve.